Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Malware Removal

kushy

Posted 05 November 2005 - 04:23 PM

kushy

Member

Member

12 posts

Hi,

Recently I have been having internet connection problems. I constantly get disconnected of which it did not happen before. It automatically disconnects and reconnects me all the time. Just to let you know that I use secured wireless connection and have followed each step described in your forum and therefore I am pasting the log as follows:

Double-click on Killbox.exe to run it. Place the following lines (complete paths) in bold in the "Full Path of File to Delete" box in Killbox, and click the red button with the white X on it after each

For these files, put a mark next to "Delete on Reboot". Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it, answer NO until after you've pasted the last file name, at which time you should answer Yes.Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

***

Next, please reboot your computer in Safe Mode by doing the following:1) Restart your computer2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.3) Instead of Windows loading as normal, a menu should appear4) Select the first option, to run Windows in Safe Mode.

Open HijackThisPlace a check against each of the following, making sure you get them all and not any others by mistake:R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hycvrcnup...WRh2hpU6U/D.htm

Close all programs leaving only HijackThis running. Click on Fix Checked when finished and exit HijackThis.

***

Next, run Ewido again.

Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.

If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.

When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

***

Use Windows Explorer to remove these folders:C:\Documents and Settings\All Users\Application Data\Option body army plan\C:\Documents and Settings\All Users\Application Data\Showkindregsproc\C:\Documents and Settings\KUSHUM\Application Data\SHOWSI~1\ <= this is an abreviation!Close Windows Explorer when you are done.

***

Reboot back to normal mode.

***

Download Findlop by Metallica. Unzip it to your desktop.Double click findlop.bat. It will open a notepad file.Copy the content of that file and past it here in your reply.Also post me the Ewido log and a fresh HijackThis log.

kushy

Posted 06 November 2005 - 05:07 PM

kushy

Member

Topic Starter

Member

12 posts

Hi g2i2r4,

thankyou for taking your time to look over the log. I have followed all the steps u asked me to do. But when downloaded KillBox and pasted in the file paths it popped up saying "This file does not exist"and when fixed the check ones in HijackLog I got this message during the process:"Unexpected error occuredError #52 (bad file name or number in Sub GetLongPath(exe".exe)......."

Double-click on Killbox.exe to run it. Place the following lines (complete paths) in bold in the "Full Path of File to Delete" box in Killbox, and click the red button with the white X on it after each

For these files, put a mark next to "Delete on Reboot". Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it, answer NO until after you've pasted the last file name, at which time you should answer Yes.Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

***

Please reboot your computer in Safe Mode by doing the following:1) Restart your computer2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.3) Instead of Windows loading as normal, a menu should appear4) Select the first option, to run Windows in Safe Mode.

kushy

Posted 07 November 2005 - 02:18 PM

kushy

Member

Topic Starter

Member

12 posts

Hiya,

Before I could follow all your instructions through, the KillBox jus doesnt seem to recognise the paths u want me to delete and nothing happens when i press delete. I have already created the notepad as mentioned by you and followed the instructions. I havent done the hijack log yet as i thought the KillBox is not working.

I am constantly being disconnected do you know wat the problem is??? does it look as if it is definitely a spyware or could it be to do with the settings on my internet.

When i searched for the paths on SEARCH via Start it kept saying that the “…..” refers to a location that is unavailable. It could be on a hard drive on this computer, or on a network. Check to make sure that the disk is properly inserted, or that you are connected to the internet or your network. If it still cannot be located, the information might have been moved to a different location..

g2i2r4

Posted 08 November 2005 - 03:12 PM

g2i2r4

retired HiJack Helper

Retired Staff

5,080 posts

Let's do it another way than.

Download CleanUp!.If that doesn’t work, use this link.Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:*Click "Options..."*Move the arrow down to "Custom CleanUp!"*Put a check next to the following:

Posted 09 November 2005 - 03:14 PM

kushy

Posted 10 November 2005 - 09:06 AM

kushy

Member

Topic Starter

Member

12 posts

Hi,

I tried searching for the file.....but it couldn't find it and I've used KillBox which doesnt work at all..
So i'm not sure how u want me to get rid of this file...
Did u want me to delete it via HijackThis software.

Advertisements

g2i2r4

Posted 10 November 2005 - 09:23 AM

kushy

Posted 10 November 2005 - 10:02 AM

kushy

Member

Topic Starter

Member

12 posts

Hiya,

When I try using the KillBox by pasting in the path and checking "delete on reboot" and click on the Red button with white cross nothing seems to happen.
And when i search for the path in KillBox it says it doesnt exist.

Hope to hear from you soon.
thnx

kushy
p.s are we anywhere near resolving the internet connection problem, because it still seems to be reconnecting and disconnecting constantly.